CVE-2025-6329HIGH 8.1EPSS p32.9%

CVE-2025-6329CVE-2025-6329

Description

A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Scoring

CVSS 3.18.1 (HIGH)
VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS0.41% probability of exploitation · percentile 32.9% · 2026-06-19T12:03:05Z
Published2025-06-20
Last modified2026-04-29

Underlying weaknesses· 2

CWE-285CWE-639

References

  1. https://vuldb.com/?ctiid.313325
  2. https://vuldb.com/?id.313325
  3. https://vuldb.com/?submit.596472
  4. https://www.websecurityinsights.my.id/2025/06/script-and-tools-real-estate-management.html

2

TypeTargetConfidenceTier
WeaknessImproper Authorizationcwe-2850%live
WeaknessAuthorization Bypass Through User-Controlled Keycwe-6390%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-5128
CVE
CVE-2025-9847
CVE
CVE-2025-5610
CVE
CVE-2025-5611
CVE
CVE-2025-6578
CVE
CVE-2025-10623
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.